converted hint analyzer to use an externalized configuration file to simplify the resolution of issue #522

dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintHandlerTest.java

@@ -0,0 +1,77 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2016 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.xml.hints;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.io.UnsupportedEncodingException;
+import java.util.List;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+import org.junit.Test;
+import static org.junit.Assert.*;
+import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.suppression.SuppressionErrorHandler;
+import org.owasp.dependencycheck.suppression.SuppressionHandler;
+import org.owasp.dependencycheck.suppression.SuppressionParser;
+import org.owasp.dependencycheck.suppression.SuppressionRule;
+import org.xml.sax.Attributes;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
+import org.xml.sax.XMLReader;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class HintHandlerTest extends BaseTest {
+    
+    @Test
+    public void testHandler() throws ParserConfigurationException, SAXNotRecognizedException, SAXNotSupportedException, SAXException, FileNotFoundException, UnsupportedEncodingException, IOException {
+        File file = BaseTest.getResourceAsFile(this, "hints.xml");
+        File schema = BaseTest.getResourceAsFile(this, "schema/dependency-hint.1.0.xsd");
+        HintHandler handler = new HintHandler();
+
+        SAXParserFactory factory = SAXParserFactory.newInstance();
+        factory.setNamespaceAware(true);
+        factory.setValidating(true);
+        SAXParser saxParser = factory.newSAXParser();
+        saxParser.setProperty(HintParser.JAXP_SCHEMA_LANGUAGE, HintParser.W3C_XML_SCHEMA);
+        saxParser.setProperty(HintParser.JAXP_SCHEMA_SOURCE, schema);
+        XMLReader xmlReader = saxParser.getXMLReader();
+        xmlReader.setErrorHandler(new HintErrorHandler());
+        xmlReader.setContentHandler(handler);
+
+        InputStream inputStream = new FileInputStream(file);
+        Reader reader = new InputStreamReader(inputStream, "UTF-8");
+        InputSource in = new InputSource(reader);
+        xmlReader.parse(in);
+
+        List<HintRule> result = handler.getHintRules();
+        assertEquals("two hint rules should have been loaded",2,result.size());
+    }
+
+}

dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintParserTest.java

@@ -0,0 +1,69 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2016 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.xml.hints;
+
+import java.io.File;
+import java.io.InputStream;
+import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+import org.owasp.dependencycheck.BaseTest;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class HintParserTest extends BaseTest {
+
+    /**
+     * Test of parseHints method, of class HintParser.
+     */
+    @Test
+    public void testParseHints_File() throws Exception {
+        File file = BaseTest.getResourceAsFile(this, "hints.xml");
+        HintParser instance = new HintParser();
+        Hints results = instance.parseHints(file);
+        assertEquals("Two duplicating hints should have been read", 2, results.getVendorDuplicatingHintRules().size());
+        assertEquals("Two hint rules should have been read", 2, results.getHintRules().size());
+    }
+
+    /**
+     * Test of parseHints method, of class HintParser.
+     */
+    @Test
+    public void testParseHints_InputStream() throws Exception {
+        InputStream ins = BaseTest.getResourceAsStream(this, "hints.xml");
+        HintParser instance = new HintParser();
+        Hints results = instance.parseHints(ins);
+        assertEquals("Two duplicating hints should have been read", 2, results.getVendorDuplicatingHintRules().size());
+        assertEquals("Two hint rules should have been read", 2, results.getHintRules().size());
+        assertEquals("One add product should have been read", 1, results.getHintRules().get(0).getAddProduct().size());
+        assertEquals("One add vendor should have been read", 1, results.getHintRules().get(0).getAddVendor().size());
+        assertEquals("Two file name should have been read", 2, results.getHintRules().get(1).getFilenames().size());
+
+        assertEquals("add product name not found", "add product name", results.getHintRules().get(0).getAddProduct().get(0).getName());
+        assertEquals("add vendor name not found", "add vendor name", results.getHintRules().get(0).getAddVendor().get(0).getName());
+        assertEquals("given product name not found", "given product name", results.getHintRules().get(0).getGivenProduct().get(0).getName());
+        assertEquals("given vendor name not found", "given vendor name", results.getHintRules().get(0).getGivenVendor().get(0).getName());
+
+        assertEquals("spring file name not found", "spring", results.getHintRules().get(1).getFilenames().get(0).getValue());
+        assertEquals("file name 1 should not be case sensitive", false, results.getHintRules().get(1).getFilenames().get(0).isCaseSensitive());
+        assertEquals("file name 1 should not be a regex", false, results.getHintRules().get(1).getFilenames().get(0).isRegex());
+        assertEquals("file name 2 should be case sensitive", true, results.getHintRules().get(1).getFilenames().get(1).isCaseSensitive());
+        assertEquals("file name 2 should be a regex", true, results.getHintRules().get(1).getFilenames().get(1).isRegex());
+    }
+}

dependency-check-core/src/test/resources/hints.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.0.xsd">
+	<hint>
+		<given>
+			<evidence type="product" source="product source" name="given product name" value="value" confidence="HIGH"/>
+			<evidence type="vendor" source="vendor source" name="given vendor name" value="value" confidence="HIGH"/>
+		</given>
+		<add>
+			<evidence type="product" source="hint analyzer" name="add product name" value="product" confidence="HIGH"/>
+			<evidence type="vendor" source="hint analyzer" name="add vendor name" value="vendor" confidence="HIGH"/>
+		</add>
+	</hint>
+	<hint>
+		<given>
+			<fileName contains="spring"/>	
+			<fileName contains="struts" regex="true" caseSensitive="true"/>	
+		</given>
+		<add>
+			<evidence type="product" source="hint analyzer" name="product" value="product" confidence="HIGH"/>
+			<evidence type="vendor" source="hint analyzer" name="vendor" value="vendor" confidence="HIGH"/>
+		</add>
+	</hint>
+	<vendorDuplicatingHint value="sun" duplicate="oracle"/>	
+	<vendorDuplicatingHint value="oracle" duplicate="sun"/>	
+</hints>